-
漏洞描述

Claroline contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the multiple variables in the learningPath.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

-
时间线

公开日期:
2005-04-27

发现日期:
2005-04-18

利用日期:Unknow

解决日期:Unknow

-
解决方案

Upgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.